1. Field of the Invention
The present invention relates generally to the field of computer security and more particularly, to a method and apparatus for secure processing of cryptographic keys.
2. Description of Related Art
Computer security concerns are prompting users to take extraordinary measures to protect confidential information. Computer systems employ various types of access restrictions to insure that only authorized users can gain access to the system resources. Complex encryption and decryption algorithms are used to protect confidential information from being intercepted and decoded while being sent over public networks. Furthermore, new techniques such as digital signatures, digital envelopes, certification, authentication and non-repudiation are being used to authenticate users, allow privileged access, and to promote secure online electronic commerce. All these techniques require some form of xe2x80x9csecretxe2x80x9d information, called xe2x80x9ckeys,xe2x80x9d in order to secure the information. The secret keys used to secure data, allow access, authenticate users, etc. are collectively referred to as xe2x80x9ccryptographic keys.xe2x80x9d These cryptographic keys, to be most effective, should be handled in a secure environment so that security breaching processes cannot discover the xe2x80x9csecretxe2x80x9d information. Cryptography techniques are discussed generally in Applied Cryptography, 2nd Edition, Bruce Schneier, John Wiley and Sons, Inc. (1996), herein incorporated by reference.
For example, one method of remote user access involves the use of a secret key stored on a token and is known as challenge/response identification. The token may consist of any type of removable storage device, such as a floppy disk, a Fortezza card, PCMCIA card, smart card, or even a xe2x80x9cvirtualxe2x80x9d smart card which exists only in software. Physical possession of the token allows the user to access the remote server. In this scheme, the host sends a random number to the user as a challenge. The user returns a response based on a mathematical calculation on the challenge and a secret key known to both parties. By independently performing the same calculation at both ends, the identity of the user may conclusively be determined. The secret key itself is never transmitted, eliminating the possibility of it being captured on the public network.
Processing the response and the secret key on the user""s computer, however, creates security problems. The user may observe the secret key and validation program and copy the secret key and/or validation program. Other software running on the computer may also observe and copy the secret information. Thus, the secret key and validation program should be processed in a secure environment which cannot be tampered with or observed by the user or other computer processes.
In order to protect the secret key and validation program from tampering, the preferred method has been to use smart cards. Each smart card is a credit card sized plastic card which has a special type of embedded integrated circuit. The integrated circuit holds information in electronic form and processes the information within the confines of the card. Since the secret key and any necessary encryption/decryption algorithms or validation programs are processed within the smart card, outside processes cannot observe the secret information. The internal processing of the smart card is not even viewable by the user. Smart cards typically consist of the following components:
a microprocessor (usually 8-bit)
EEPROM (usually 8 to 32 Kbit)
an on-chip operating system
embedded cryptographic software (implementing either DES, zero-knowledge, or RSA algorithm)
a secret key encrypted with a permanent PIN preprogrammed into the EEPROM
The smart card provides a secured environment for storage and processing of the secret key because all operations based on the secret key are performed within its boundary. The secret key or cryptographic algorithms are thus never exposed to the outside world, and therefore cannot be observed by unauthorized users. Smart cards have been used to implement not only password validation schemes, but also encryption/decryption algorithms, user authentication, and non-repudiation methods. Any application which requires some secret information in order to process data can be adapted to take advantage of a smart card""s secure processing environment. The physical smart card scheme, however, is expensive and cumbersome because each user must have a physical smart card and a smart card reader in order to gain system access. Smart card readers currently cost about $100 each in small quantities, and the smart cards themselves cost between $6 to $8 per card. Installing physical smart card readers in each computer could represent a significant expense for even a small implementation.
Recognizing the costs associated with implementing physical smart card authentication systems, several companies have proposed using xe2x80x9cvirtual smart cards.xe2x80x9d As currently implemented, a virtual smart card exists in software, and runs as an application. The secret key is usually stored on a hard drive or a floppy disk and is protected by a Personal Identification Number (PIN). Thus, any machine which has the virtual smart card software and associated PIN can access the remote system. The problem with this approach, however, is that the processing of the secret key is done in the xe2x80x9copenxe2x80x9dxe2x80x94i.e. the secret key is read into the system memory and unlocked in an xe2x80x9copenxe2x80x9d mode. This makes the key and its processing susceptible to tampering by other processes running on the same system.
It would therefore be desirable to have a computer security system in which cryptographic keys, algorithms, and associated programs are stored and processed in a secure processing environment, which cannot be accessed by other system processes or observed by the user. It would also be desirable for the security system to use existing hardware, without requiring any additional peripheral devices.
The present invention is a method and apparatus for secure storage and processing of cryptographic keys using a secure processor mode and an associated secure memory. A processor is initialized into a secure processing mode which cannot be interrupted by other interrupts. The associated secure memory cannot be accessed by any other processes, when the processor is not in the secure processing mode. During runtime, when the processor enters the secure processing mode, the operating system is suspended.
A cryptographic key, stored in an encrypted form, resides on a removable storage device, such as a floppy disk, CD-ROM, dongle, etc. The system reads the cryptographic key from the removable storage device into the secure memory only when the system has entered the secure processor mode. Any required cryptographic programs, which may be stored in the system BIOS, are also loaded into the secure memory when the processor is in the secure mode. The secure memory is locked, if necessary, to prevent other processes from accessing the stored data. Once the key and program are loaded into the secure memory, the user is prompted to remove the removable storage device and the processor exits the secure mode. Thus, the loading of the key and program into the secure memory is invisible to the operating system and other processes.
The user may be required to enter a PIN to unlock the secret key stored in the secure memory. By loading the secret key into the secure memory, and unlocking the key with the PIN, the system has the same functionality as a physical smart card. Applications can request cryptographic services, as if a physical smart card is attached to the system. Each time an application requests a cryptographic service, the processor enters the secure processor mode to perform the required operations. Thus, the storage and processing of the secret key is transparent to the operating system and other processes. To clear the key, the user can request the system to clear the secure memory.
As described herein, the system enters the secure processor mode to load the secret key and required cryptographic programs into the secure memory. The system may enter the secure mode to load and process the key and required cryptographic programs at any time during run-time, or at boot-time. However, the processor does not have to be in the secure mode during boot-time in order to load or process the key, since no other processes are running. Secure processing of the cryptographic key is thus obtained without the need for any additional hardware.